On 07-10-2017 21.36, MAYER Hans wrote:
>> Dear All,
>> We are using response-policy zones as a service from spamhaus.org
> This is used for web access as well as for SMTP ( incoming and outgoing )
> Actually this worked fine over years.
> Now we have the situation if I dig www.airindia.in I get as result
>> ;; ADDITIONAL SECTION:
> bad-nameservers.rpz.spamhaus.org. 60 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1507403414 300 60 432000 60
>> This indicates that it is listed in the bad-nameservers.rpz.spamhaus.org database from spamhaus.org which I have configured as a slave zone in my DNS server.
> Our employees are travelling a lot and therefore it is not acceptable that the Indian Airline is not reachable.
>> Such zones are defined as type slave. Therefore it’s not possible to update such a zone.
> I also tried to define these records in my own RPZ and hoping it has higher priorities. But it isn’t.
> Finally I tried a forward only zone for airindia.in to a server in my environment which does not use RPZ. But this doesn’t work too.
>> Any ideas how I could shade or overwrite the content of RPZ ?
I would look at the mail server configuration. It might be possible to
add a positive list in front of the spamhaus lookup.
>> I am using BIND 9.11.2
>>> Kind regards
> Hans
>> —
>>> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>> bind-users mailing list
>bind-users at lists.isc.org>https://lists.isc.org/mailman/listinfo/bind-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"